Issues and Challenges in Computer World

Abstract

At the early age of the computers, there was no such a thing called “Computer Crime” since the computer had a limited use, and it wasn’t something can be used by public domain. Ever since the computer started to be accessible by thousands of people worldwide in the 1940s and 1950s via the telephone network and the telegraph network which considered the predecessors to the modern Internet.

Ever since the charges were made for the use of these networks and since they were used for commercial purposes, there were both crimes using the networks (e.g. taking advantage of wire transfer mechanisms for sending money over the telegraph systems) and network crimes (e.g. using equipment to tap into the lines and make calls without paying).

As computers usage has gain popularity around the world, our daily lives depending heavily in its existence throughout businesses and personal usage. With dramatically increase of the computer usage around the world, the computer misuse, and the computer crimes has become the main issues that raise the concerns in any society and the rest of the world. Most of the crimes that have been committed in the old days have been promoted in new ways via computers misuse which are unwelcome by the society, and required criminal sanctions to be imposed (Adams and McCrindle, 2008).

Today the challenges and the computer crimes that face any society are more sophisticated, and easy to commit with the existence of the Internet technology, and other technologies in our daily lives. 

Issues and Challenges

With the heavy usage of the computer networks through businesses, organizations, public sectors, and personal use, many misuse of computer activities has been increased these days. These activities imposed new challenges to our modern societies that needed new methods to control such activities and prevent the spread of such behaviours in our societies. For example, most of the crimes that were committed by external hackers rely on the ignorance, and innocence of the insiders to gain access. Also, most of the internal attacks often involve misuse of legitimate access rather than finding ways around the security systems (Adams and McCrindle, 2008).

Adams and McCrindle (2008) explained some of the challenges that face our modern societies these days are:

 

  • Computer Fraud – Committing fraud by accessing or changing electronic information.
  • Phishing – Directing a web browser to a clone of a secure site to obtain login details. Also, using DNS cracks to perform phishing attacks (Pharming).
  • Trojan horse – Programs pretend as something else, but once it runs or opened it does something unexpected.
  • Virus – A program that is embedded within another program or data file which can copy itself into other programs.
  • Worm – A program that copies itself across a network without requiring a virus program to gain access to a system.
  • Virus-warning hoaxes – Running a circular e-mail that can carry a virus through attachments.
  • Hackers – Someone who can connect remotely to an organization’s server with unauthorized access and use the technical capability to access information.
  • Spam – Messages circulated through the Internet through an electronic junk e-mails.

Woody and Qayoumi (2009) argued that since the information security is too hard to be defined, the tasks required to protect such systems most of the time is unclear, and the work required to that protection seems never to be finished. However, the loss of confidential information of any organization because of the security was compromised; or because of the communication is lost due to virus or worms can be devastated to any organization.

Information and data for any organization are huge assets and by using a poor methods to protect such data can compromise the safety of these information. Since the technology continues to change, with new capabilities and also the infrastructures are dramatically changing, information security has to be treated as a journey not as a specific destination. No single method can be the solution for good information security, many methods combined that can reduce risk, provide early warning to any problem is a good strategy to secure information (Woody and Qayoumi, 2009).

The key of information security success can be accomplished by applying the standard practices for prevention, such as monitoring, reviewing policies, and putting the right disaster recovery plan in place. Also, the standard that will be applied for any organization will be varying based on the potential impact of the problem, and how likely to happen. Any organization or even a country addressing the information security issues, and developing understanding goals to protect such information and reach an agreement toward solution is the first step in a good security strategy. The solution should include, and not limited to the following: concerns about information confidentiality, privacy, reliability, integrity, and the availability of data (Woody and Qayoumi, 2009).  

National Research Council Staff (1990) explained that organizations and people can describe their needs in using computers based on the information security, and the trust in systems being used, and that required certain conditions which are:

 

  • Confidentiality – Determine and control who gets to read their information.
  • Integrity – assuring that computer programs and information are changed under certain specifications designed by the users, and authorized by the users.
  • Availability – guarantee that the access to the information and the resources are accessed by authorized users.

Suggested Solutions

 National Research Council Staff (1990) stated that the challenges that face the data security in the internet age are big issues, and the risks to valuable and sensitive data are greater than ever before. To protect all the elements of complex computing systems, security issues have to be addressed from all the directions, and in many dimensions. Some of these dimensions are:

 

  • Physical data security – Computers must be physically inaccessible to unauthorized users.
  • Personal data security – Where the people responsible for the system administration and data security must be reliable.
  • Procedural data security – where every task has different responsibility and different person to deal with this task.
  • Technical data security – where storage, access, manipulation, and transmission of data must be safeguarded by technology that enforce the control policies.

Personick and Patterson (2003) stated that the Internet allows business to use information more effectively, by allowing customers, suppliers, employees and partners to get access to the business information they need, when they need it. While putting business systems on the Internet offers potentially unlimited opportunities for increasing efficiency and reducing cost, it also offers potentially unlimited risk. Security mechanisms for Internet-enabled systems must be in place and these systems have to implement the following mechanism:

 

  • Scalability – Where the Internet systems has to support large amount of users than any other traditional systems.
  • Manageability –Where mechanisms of security that identifying users and managing their access is very important.
  • Interoperability – Internet systems must exchange data with other systems with secure mechanism that can guarantee the confidentiality and the security of data exchange.

Conclusion

Protecting computers, data, and information security is not a one man job; it’s the effort of different layers of the society and starts with the government rules and regulations. National Research Council Staff (1990) stated that there is an urgent need to establish an information security foundation, and for that reason the following recommendations has be taken into account:

 

  • Certain requirements have to be considered to commercial systems in private sectors and government offices to guarantee the right access to sensitive and unclassified information.
  • Conducting a periodic evaluation for the security measures that implemented within private sectors, government offices.
  • Developing the systems responsible for tracking and reporting security and safety issues (security incidents, threats and vulnerabilities) that encountered on a daily basis.
  • Promoting effective use of security techniques and establish an educational methodologies that educate best practice toward security measures.
  • Dedicate efforts toward achieving standardization and security best practice.

References

Adams, A. & McCrindle, R. (2008) Social and Professional Issues of the Information Age.England: John Wiley & Sons, Ltd.

National Research Council Staff (1990) Computers at Risk: Safe Computing in the Information Age, National Academies Press [Online]. Available from: http://site.ebrary.com.ezproxy.liv.ac.uk/lib/liverpool/docDetail.action?docID=10056738 (Accessed: 31 October 2009).

Personick, S. & Patterson, C. (2003) Critical Information Infrastructure Protection and the Law: An Overview of Key issues, National Academies Press [Online]. Available from: http://site.ebrary.com.ezproxy.liv.ac.uk/lib/liverpool/docDetail.action?docID=10046876

(Accessed: 31 October 2009).

Woody, C. & Qayoumi, M. (2009) Addressing Information Security Risk [Online]. Available from:

http://www.educause.edu/EDUCAUSE+Quarterly/EDUCAUSEQuarterlyMagazineVolum/AddressingInformationSecurityR/157366 (Accessed: 31 October 2009).

 

 

 

 

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: